Back to Guides

Linux OpenVPN installation

We advise you to run a later version of OpenVPN as versions older than 2.4.0 don't perform very well.

Linux General

Follow these steps for all Linux distributions.

  1. Click on Download Client.
  2. Click on Instructions and configuration files found under iOS, Android and other platforms.
  3. Select Linux as platform by using the drop-down menu.
  4. Enter your account number, select a region and then click on Download to save the configuration file.
  5. Open up a terminal and change directory to where you downloaded the file (usually ~/Downloads/)
  6. Issue: unzip mullvad_config_xx.zip (where xx is the region you selected)

Keep in mind, having it installed as a service means that it will start when you boot up your computer. If you do not want this behaviour, disable it by changing /etc/default/openvpn and then make sure "AUTOSTART=none" is set. You will then have to manually start OpenVPN each time (sudo service openvpn restart).
 

Ubuntu 16.04 / 14.04 and Debian 7/8/9

First, follow the "Linux General" instructions above.

  1. Open a terminal and issue "sudo apt-get update && apt-get upgrade".
  2. Issue: "sudo apt-get install openvpn".
  3. Copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and mullvad_userpass.txt  to /etc/openvpn/  (use sudo).
  4. Start openvpn with "sudo service openvpn start" or "sudo nohup openvpn --config /etc/openvpn/mullvad_xx.conf" (Where xx is the country or region you selected.
  5. To check whether you are connected to us or not, you can run "curl https://am.i.mullvad.net".
     

Ubuntu 16.04 or newer using Network-manager

  1. Open a terminal and issue "sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome"
  2. Open a browser and go to https://mullvad.net
  3. Click on Download client
  4. Click on then under iOS, Android and other platforms click on "Instructions and configuration files"
  5. Select Android as platform using the drop-down menu.
  6. Enter your account number, select a country and then click on Download to save the configuration file.
  7. Network manager does not like inline crl, so please open the downloaded configuration file in an editor and remove the inline crl, remove "<crl-verify>"  and everything after to  "</crl-verify>" (including that line)   and then save it.
  8. Click on the Network icon
  9. Click on VPN-Connections -> Configure VPN
  10. Click on Add
  11. Select Import a saved vpn configuration
  12. navigate to where you saved the downloaded file, select it and then click open
  13. Enter your mullvad account number as in the User name field and enter "m" in the password field
  14. Click on Save
  15. sudo nano -w /etc/NetworkManager/NetworkManager.conf and change "dns=dnsmasq" to "#dns=dnsmasq" and save.
  16. Issue "sudo service network-manager restart" in a terminal
  17. Click on Network icon -> VPN Connections -> Mullvad_** where ** is the country you selected  to connect.
     

Fedora 23/24

First, follow the "Linux General" instructions above.

  1. Open a terminal and issue:  "sudo dnf install openvpn resolvconf".
  2. Copy mullvad_ca.crt, mullvad_crl.pem, mullvad_xx.conf and mullvad_userpass.txt update-resolv.conf to /etc/openvpn/ (use sudo).
  3. Cssue "sudo chmod 755 /etc/openvpn/update-resolv.conf".
  4. Ctart openvpn with "sudo service openvpn start" or "sudo nohup openvpn --config /etc/openvpn/mullvad_xx.conf" (Where xx is the country or region you selected.
  5. To check whether you are connected to us or not, you can run "curl https://am.i.mullvad.net".
     

Changing servers

In this example, we are changing from the default se server to the se1 server.

  1. Edit mullvad_config_xx.conf  (replace xx with the country/region you selected)
  2. Replace the first "remote se.mullvad.net 1300" with "remote se1.mullvad.net 1300" or the IP address: "remote 185.65.132.102 1300"
  3. Save and then restart OpenVPN.
     

Kill switch

This will assume your network interfaces are on eth* and that you want to connect to our Swedish or Dutch servers and your DNS is set to use our public one. Add or replace the IP ranges or IP addresses to the servers you wish to use. 193.138.219.228 is for our public DNS.

sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
sudo iptables -A INPUT -s 255.255.255.255 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p udp -m multiport --dports 53,1300:1302,1194:1197 -d 185.213.152.0/24,185.65.134.0/24,185.65.135.0/24,193.138.219.0/24,193.138.218.0/24,185.213.154.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ -p tcp -m multiport --dports 53,443 -d 185.213.152.0/24,185.213.154.0/24,193.138.218.0/24,185.65.134.0/24,185.65.135.0/24,193.138.218.0/24 -j ACCEPT
sudo iptables -A OUTPUT -o eth+ ! -d 193.138.219.228 -p tcp --dport 53 -j DROP
sudo ip6tables -P OUTPUT DROP
sudo ip6tables -A OUTPUT -o tun+ -j ACCEPT

 

Troubleshooting

I have disabled IPv6 and OpenVPN exits out with a fatal error.
Edit the OpenVPN configuration and make the following changes:

  1. Replace proto udp with proto udp4 and proto tcp with proto tcp4
  2. Add pull-filter ignore "route-ipv6"
  3. Add pull-filter ignore "ifconfig-ipv6"

If you add these options on a device that has working IPv6, then you will leak IPv6. Make sure you verify this before making changes.
 

Easily check your online privacy with Am I Mullvad

While you're connected to Mullvad, your browser could still be leaking information and therefore jeopardizing your privacy. With our Am I Mullvad online tool, you can now get a quick overview of your connection status.